Hack The Box
Roadmap
Feedback
Changelog
Back to changelog
Powered by Canny

new

Enterprise

Offensive

Get hands-on in Windows environments with two new Professional Lab scenarios

Two new time-efficient Professional Lab scenarios are now live:
Sidecar
and
Push
.
Sidecar and Push are small Active Directory scenarios that simulate real-world Windows environments and contain two machines and two flags each. Sidecar simulates PKI abuse, detecting certificate-based persistence, and how shadow credentials enable stealthy lateral movement. Push covers advanced attack techniques including ClickOnce application exploitation, SCCM coercion, and ADCS exploitation via Golden Certificate attacks.
You’ll gain practical skills in:
  • Shadow credential and Kerberos attacks
  • Abusing SeTcbPrivilege privilege and .lnk files
  • Crafting malicious ClickOnce deployments
  • Coercing NTLM authentication with SCCM
  • ADCS Golden Certificate attacks
  • Advanced lateral movement techniques in Windows environments
Screenshot 2025-10-29 at 10
Screenshot 2025-10-29 at 10